Master Subscription Agreement – Swiss Public Sector

Master Subscription Agreement – Swiss Public Sector

This Software as a Service Subscription Agreement (“Agreement“) is entered into on the date you (“Customer”) and the Subscription Service Provider (“Beekeeper”) both sign an order form (“Order Form“) referencing this Agreement , and such date shall be the “Effective Date“. 

THIS AGREEMENT IS VALID FOR SWISS PUBLIC SERVICE INSTITUTIONS ONLY.

BY ACCEPTING THIS AGREEMENT, BY (1) CLICKING A BOX INDICATING ACCEPTANCE, (2) EXECUTING AN ORDER FORM THAT REFERENCES THIS AGREEMENT, OR (3) USING FREE SERVICES, CUSTOMER AGREES TO THE TERMS OF THIS AGREEMENT. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT IS ACCEPTING ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, SUCH INDIVIDUAL REPRESENTS THAT THEY HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS, IN WHICH CASE THE TERM “CUSTOMER” SHALL REFER TO SUCH ENTITY AND ITS AFFILIATES. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT DOES NOT HAVE SUCH AUTHORITY, OR DOES NOT AGREE WITH THESE TERMS AND CONDITIONS, SUCH INDIVIDUAL MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICES.

Background

(A) Beekeeper has developed a mobile communication system that can be accessed through a mobile app as well as from the web, which it makes available to subscribers via the internet on a subscription basis.

(B) The Customer wishes to use the Beekeeper’s Service in its internal business operations.

(C) Beekeeper has agreed to provide and the Customer has agreed to subscribe to and pay for Beekeeper’s service subject to the terms and conditions of this Agreement.

Agreed terms

1. Definitions

Capitalized terms not otherwise defined in the Agreement shall have the meaning set out below:

Associated Companies:
an entity that directly or indirectly controls, is controlled by, or is under common control with, a party to this Agreement. For purposes of the foregoing, “control” means the ownership of (i) greater than fifty percent (50%) of the voting power to elect directors of the entity, or (ii) greater than fifty percent (50%) of the ownership interest in the entity.

Authorized Users: those employees, agents and independent contractors of Customer who are authorized by Customer to use the Services, as further described in clause 2.3;

Authorized User Data: the personal data and information Authorized Users provide to Beekeeper and/or input by Customer into the Service for the purpose of creating an account for an Authorized User, but excluding the Customer Data and Beekeeper Data;

Beekeeper Data: means (i) such information or data provided by Beekeeper to Customer as part of the Services; (ii) any meta data extracted by Beekeeper from Customer’s use of the Services to be used to provide the Services; and (iii) any feedback or suggestions from Customer or Authorized Users to Beekeeper relating to the Services;

Business Day: as described in the Beekeeper Service Level Agreement (SLA);

Business Hours: as described in the Beekeeper Service Level Agreement (SLA);

Customer Data: the data and information provided by Customer to Beekeeper and/or inputted by Customer, Authorized Users, or Beekeeper on Customer’s behalf for the purpose of using the Services or facilitating Customer’s use of the Services or data collected and processed by or for Customer through Customer’s use of the Services, but excluding Beekeeper Data and Authorized User Data;

Claim Year: means each successive period of twelve (12) months commencing on the Effective Date of this Agreement;

Confidential Information: information of a party that is proprietary or confidential and is either clearly labelled as such; identified as Confidential Information in clause 10; and/or a reasonable person would understand to be confidential or proprietary at the time of disclosure;

Disaster Recovery Policy: the Beekeeper disaster recovery policy currently in place as may be amended by Beekeeper from time to time;

Fees: means Subscription Fees and any additional fees or expenses as set out in the Order Form;

Initial Subscription Term: the initial term of the subscription as set out in the Order Form;

Inappropriate Content: content which (a) is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive; (b) facilitates illegal activity; (c) depicts sexually explicit images; (d) promotes unlawful violence; (e) is discriminatory based on race, gender, color, religious belief, sexual orientation, disability; or (f) causes damage or injury to any person or property;

Intellectual Property Rights: including without limitation, rights in patents, trademarks, service marks, trade names, other trade-identifying symbols and inventions, copyrights, design rights, database rights, rights in know-how, trade secrets and any other intellectual property rights arising anywhere in the world, whether registered or unregistered, and including applications for the grant of any such rights;

Order Form: the Order Form submitted by Customer to Beekeeper with details of the Services and forming part of this Agreement;

Privacy Policy: the Beekeeper privacy policy (https://beekeeper.io/privacy-policy/).

Renewal Period: has the meaning set out in clause 14.1 below;

Services: means (i) use of the Software in accordance with this Agreement, (ii) use of Beekeeper Data; (iii) the provision of the Support Services and (iv) access to the Beekeeper hosting platform;

Software: the internal communications software applications provided by Beekeeper as part of the Services and as set out in the Order Form;

Subscription Fees: the subscription fees payable by Customer to Beekeeper for the User Subscriptions, as set out in the Order Form;

Subscription Term: means the Initial Subscription Term and any subsequent Renewal Periods;

Support Services: means the Beekeeper standard support services provided by Beekeeper in accordance with the Service Level Agreement in respect of the Software, including any applicable Software maintenance upgrades;

SLA Support Services Policy: Beekeeper’s policy for providing the Support Services to Customer and where applicable, any enhanced support services which may be purchased by Customer, as made available to Customer from time to time;

Taxes: including without limitations, withholding, sales, use, excise, value added tax and similar taxes but shall not include taxes based on Beekeeper’s gross income;

Third Party Applications: means online applications and offline software products that are provided by third parties and interoperate with the Services as listed in the Beekeeper 3rd Party Use Statement Declaration Form available under Beekeeper Privacy Policy;

User Subscriptions: the user subscriptions purchased by Customer in accordance with the Agreement for the number of Authorized Users as set out in the Order Form which entitle such Authorized Users to access and use the Services in accordance with this Agreement; and

Virus: any thing or device (including any software, code, file or program) which may prevent, impair or otherwise adversely affect the access to or operation, reliability or user experience of any computer software, hardware or network, telecommunications service, equipment or network or any other service or device, including worms, trojan horses, viruses and other similar things or devices.

2. User Subscription

2.1 Beekeeper shall provide the Services during the Subscription Term in accordance with the terms set out in this Agreement.

2.2 Subject to the Customer purchasing the User Subscription(s), the restrictions set out in this clause 2 and the terms and conditions of this Agreement, Beekeeper hereby grants to the Customer a non-exclusive, non-transferable right to permit the Authorized Users to use the Services during the Subscription Term solely for Customer’s internal communications.

2.3 In relation to the Authorized Users, Customer undertakes that:

2.3.1 the maximum number of Authorized Users that it authorizes to access and use the Services shall not exceed the number of User Subscriptions it has purchased from time to time. Customer further undertakes that it will not allow any User Subscription to be used by more than one per individual Authorized User unless it has been reassigned in its entirety to another individual Authorized User, in which case the prior Authorized User shall no longer have any right to access or use the Services;

2.3.2 each Authorized User shall keep a secure password for his use of the Services, that such password shall be changed frequently and that each Authorized User shall keep his password confidential.

2.4 Customer shall not access, store, distribute or transmit any Viruses, or any material, including without limitation Customer Data and the Authorized User Data, during the course of its use of the Services that:

2.4.1 is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive;

2.4.2 facilitates illegal activity; or

2.4.3 in a manner that is otherwise illegal or causes damage or injury to any person or property; and Beekeeper reserves the right, without liability or prejudice to its other rights to Customer, to disable Customer’s access to any material that breaches the provisions of this clause.

2.5 Customer shall not:

2.5.1 attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Software in any form or media or by any means; or

2.5.2 attempt to reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Software; or

2.5.3 access all or any part of the Services in order to build a product or service which competes with the Services; or

2.5.4 use the Services to provide services to third parties; or

2.5.5 license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Services available to any third party except the Authorized Users, or

2.5.6 attempt to obtain, or assist third parties in obtaining, access to the Services, other than as provided under this clause 2.

2.6 Customer shall use all reasonable endeavours to prevent any unauthorized access to, or use of, the Services and, in the event of any such unauthorized access or use, promptly notify Beekeeper.

3. Additional User Subscriptions

Customer may, from time to time during any Subscription Term, purchase additional User Subscriptions in excess of the number set out in the Order Form for the additional fees set out in the Order Form and Beekeeper shall grant access to the Services to such additional Authorized Users in accordance with the provisions of this Agreement.

4. Services Availability and Support

4.1 Beekeeper shall use commercially reasonable endeavours to make the Services (excluding any Third Party Applications) available 24 hours a day, seven days a week and for at least 99.9 per cent of the time, excluding:-

4.1.1 any planned downtime out of Business Hours provided Customer is given 24 hours notice of such;

4.1.2 congestion whereby high traffic levels result in service disruption, caused by the Customer exceeding any agreed capacity;

4.1.3 Customer inaccessibility: if, for any reason, the Customer cannot be reached to correct an availability issue, then time will be frozen until Beekeeper can make contact with the Customer to begin fixing the availability issue;

4.1.4 issues resulting from problems caused by Customer’s failure to follow agreed procedures, or caused by unauthorized changes to the Services by the Customer;

4.1.5 material breach by Customer of the terms of this Agreement; or

4.1.6 a force majeure event (see clause 15.8.).

4.2 Beekeeper will, as part of the Services and at no additional cost to Customer, provide Customer with Beekeeper’s standard Support Services during Business Hours in accordance with Beekeeper’s SLA Support Services Policy for standard Support Services in effect at the time that the Support Services are provided. Beekeeper may amend the SLA Support Services Policy for improvements in its sole and absolute discretion from time to time.

4.3 Customer may purchase enhanced support service packages separately, as may be offered by Beekeeper from time to time, as detailed in an Order Form, at Beekeeper’s then current rates for any such additional support services (as notified to Customer by Beekeeper from time to time).

5. Charges and payment

5.1 Customer shall pay the Subscription Fees and any additional applicable fees related to the Services as set out in the Order Form to Beekeeper in accordance with this clause 5. Unless otherwise agreed in the Order Form, Beekeeper may invoice Customer for the Subscription Fees yearly in advance on or after the Effective Date and thereafter on each anniversary of the initial invoice date for the duration of the Subscription Term.

5.2 Unless otherwise specified in the Order Form, all Fees and approved expenses shall be paid by Customer in full and without deduction within thirty (30) days of the date of invoice.

5.3 If Beekeeper has not received payment for any invoices by the due dates and without prejudice to any other rights and remedies of Beekeeper, Beekeeper
may:

5.3.1 by giving thirty (30) Business Days prior written notice to Customer, without liability to Customer, disable Customer’s password, account and access to all or part of the Services and Beekeeper shall be under no obligation to provide any or all of the Services while the invoice(s) concerned remain unpaid; and

5.3.2 charge interest which shall accrue on such due amounts at the higher of (i) an annual rate equal to 4% or (ii) the standard statutory delay interest rate under applicable law.

5.4 All amounts and Fees stated or referred to in this Agreement are non-refundable and are exclusive of all Taxes. Customer shall be solely responsible for, and paying all applicable Taxes relating to this Agreement, and the use or access to the Services.

5.5 Beekeeper shall be entitled to increase the annual fees by ten percent (10%) for Subscription Fees with effect from the start of each Renewal Period.

6. Customer Obligations

6.1 Customer shall:

6.1.1 provide all necessary co-operation and information as may be reasonably required by Beekeeper in order to provide the Services. In the event of any delays in Customer’s provision of such assistance, Beekeeper may adjust any agreed timetable or delivery schedule as reasonably necessary;

6.1.2 ensure that its Authorized Users use the Services in accordance with the terms and conditions of this Agreement, comply with all applicable laws and regulations with respect to its activities under this Agreement and only use the Services for lawful purposes. Customer shall be liable for any Authorized User’s breach of this Agreement;

6.1.3 be solely responsible for procuring and maintaining its network connections and telecommunications links and all problems, conditions, delays and delivery failures arising from or relating to Customer’s network connections or telecommunications links;

6.1.4 use all reasonable efforts to prevent any unauthorized access to, or use of, the Services and, in the event of any such unauthorized access or use, promptly notify Beekeeper;

6.1.5 not include any Inappropriate Content or Viruses or any other information or material, any part of which, or the accessing of which or use of which would be a criminal offense or otherwise unlawful including the breach of any Intellectual Property Rights of any other party. Beekeeper reserves the right, but is not obliged, to remove such content from where, in its sole and reasonable discretion, Beekeeper suspects such content to be Inappropriate Content, upon notice to Customer;

6.1.6 be solely responsible for moderating any content posted by Authorized Users and advising Authorized Users what they may and may not post through the Services by means of Customer’s own policies;

6.1.7 be solely responsible for the accuracy, completeness, design, appropriateness, creation, maintenance, and updating thereof of all Customer Data in the use of the Services. Beekeeper shall not be liable for any errors or inaccuracies in any Customer Data or beyond its responsibility to accurately reproduce such Customer Data on Customer’s instruction; and

6.1.8 be responsible for obtaining all necessary licenses and consents required to use Customer Data (if any, and including but not limited to those from the owners or licensees of any third party information) and as part of the Services and Customer warrants and represents that such licenses and consents have been obtained.

7. Warranty

7.1 Beekeeper warrants that the Services (excluding any Third Party Application) will be performed with reasonable skill and care for the Subscription Term.

7.2 The warranty provided in clause 7.1 shall not apply to the extent of any non-conformance which is caused by Customer’s use of the Services contrary to Beekeeper’s’ instructions, or modification or alteration of the Services by any party other than Beekeeper or Beekeeper’s duly authorized contractors or agents. If the Services do not conform with the warranty provided in clause 7.1, Beekeeper will, at its expense, use commercially reasonable efforts to correct any such non-conformance promptly, or provide the Customer with an alternative means of accomplishing the desired performance. Such correction or substitution constitutes Customer’s sole and exclusive remedy, and Beekeeper’s sole and exclusive liability for any breach of the warranty. Notwithstanding the foregoing, Beekeeper:

7.2.1 does not warrant that Customer’s use of the Services will be uninterrupted or error-free; or that the Services and/or the information obtained by Customer through the Services will meet Customer’s requirements;

7.2.2 is not responsible for any delays, delivery failures, or any other loss or damage resulting from Customer’s access to and use of the Services through third party applications (such as Google) or the transfer of data over communications networks and facilities, including the internet, and Customer acknowledges that the Services may be subject to limitations, delays and other problems inherent in the use of such communications facilities;

7.2.3 is not responsible for any Virus which was not detected by Beekeeper using reasonable current commercial methods of detection;

7.2.4 nor its suppliers, shall have any liability whatsoever for the accuracy, completeness, or timeliness of Customer Data, or for any decision made or action taken by Customer, any Authorized User, or any third party in reliance upon any Customer Data.

7.3 Except as expressly provided for in this clause 7, Beekeeper (and its Associated Companies and its suppliers) disclaim all other warranties, express, implied or statutory, including warranties, terms and conditions of merchantability, accuracy, correspondence with description, fitness for a particular purpose or use and satisfactory quality, and non-infringement.

7.4 If Customer installs or enables Third Party Applications for use with Services, Customer acknowledge that Beekeeper may allow providers of those Third Party Applications to access Customer Data and Authorized User Data as required for the interoperation of such Third Party Applications with the Services. Beekeeper shall not be responsible for any disclosure, modification or deletion of Customer Data and Authorized User Data resulting from any such access by Third Party Application providers, and any such access and use of Customer Data and Authorized User Data shall be subject to the privacy policies of such Third Party Application provider. The Services shall allow Customer to restrict such access by restricting Authorized Users from installing or enabling such Third Party Applications for use with the Services.

7.5 Services may be subject to other limitations as indicated on the Order Form, such as, for example, limits on the used storage, on the used bandwidth and/or on the size of attachments such as photos or files.

7.6 NOTWITHSTANDING THE FOREGOING, BEEKEEPER: 

7.6.1 DOES NOT WARRANT THAT CUSTOMER’S USE OF THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE; OR THAT THE SERVICES AND/OR THE INFORMATION OBTAINED BY CUSTOMER THROUGH THE SERVICES WILL MEET CUSTOMER’S REQUIREMENTS; 

7.6.2 IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR ANY OTHER LOSS OR DAMAGE RESULTING FROM CUSTOMER’S ACCESS TO AND USE OF THE SERVICES THROUGH THIRD PARTY APPLICATIONS (SUCH AS GOOGLE) OR THE TRANSFER OF DATA OVER COMMUNICATIONS NETWORKS AND FACILITIES, INCLUDING THE INTERNET, AND CUSTOMER ACKNOWLEDGES THAT THE SERVICES MAY BE SUBJECT TO LIMITATIONS, DELAYS AND OTHER PROBLEMS INHERENT IN THE USE OF SUCH COMMUNICATIONS FACILITIES; 

7.6.3 IS NOT RESPONSIBLE FOR ANY VIRUS THAT WAS NOT DETECTED BY BEEKEEPER USING REASONABLE CURRENT COMMERCIAL METHODS OF DETECTION; 

7.6.4 NOR ITS SUPPLIERS, WILL HAVE ANY LIABILITY WHATSOEVER FOR THE ACCURACY, COMPLETENESS, OR TIMELINESS OF CUSTOMER DATA, OR FOR ANY DECISION MADE OR ACTION TAKEN BY CUSTOMER, ANY AUTHORIZED USER, OR ANY THIRD PARTY IN RELIANCE UPON ANY  CUSTOMER DATA.  EXCEPT AS EXPRESSLY PROVIDED FOR IN THIS SECTION 7, BEEKEEPER (AND ITS ASSOCIATED COMPANIES AND ITS SUPPLIERS), ALL SERVICES ARE PROVIDED “AS IS” AND BEEKEEPER HEREBY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHER, AND BEEKEEPER SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE OR TRADE PRACTICE.

8. Customer Data. 

8.1 Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, appropriateness, completeness, reliability, integrity, accuracy and quality of the Customer Data and Authorized User Data.

8.2 Solely to enable Beekeeper to provide the Services to Customer, Customer grants Beekeeper and its Associated Companies a non-exclusive licence for the Subscription Term and 30 days afterwards to (i) host, copy, transmit and display Customer Data and to incorporate the Customer Data with the Beekeeper Data and (ii) where necessary, to transfer Customer Data to Third Party Application providers used by Beekeeper, only as required for the provision of the Services and in accordance with Beekeeper’s Privacy Policy or the Beekeeper Data Processing Agreement.

8.3 Customer acknowledges that responsibility for all Customer Data and any communications with others or between Authorized Users using the Services is the sole and exclusive responsibility of Customer and that Beekeeper will not be held responsible in any way for any copyright infringement or violation, or the violation of any other person’s rights or the violation of any laws, including but not limited to infringement or misappropriation of copyright, trademark or other property right of any person or entity, arising or relating to Customer Data. Customer agrees to indemnify and hold harmless Beekeeper from and against all losses, damages, actions or causes of action, suits, claims, demands, penalties and interest arising in connection with or out of any such Customer Data, to the extent not caused by Beekeeper’s willful misconduct.

8.4 Beekeeper shall follow its safeguarding procedures for Customer Data and Authorized User Data as set out in its Disaster Recovery Policy as such document may be amended by Beekeeper in its sole discretion from time to time, which shall be made available to Customer upon request. In the event of any loss or damage to Customer Data, Customer’s sole and exclusive remedy shall be for Beekeeper to use commercially reasonable efforts to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by Beekeeper in accordance with the archiving procedure described in its Disaster Recovery Policy. Beekeeper shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party, (except those third parties sub-contracted by Beekeeper to perform services related to Customer Data maintenance and
back-up) unless solely caused by Beekeeper’ negligence or willful misconduct.

8.5 Customer acknowledges that Beekeeper is not obliged to edit, moderate or modify Customer Data (including third party information). However, Beekeeper reserves the right to remove any Customer Data (or third party information) which Beekeeper reasonably believes breaches any laws or regulations or any third party’s rights or this Agreement and/or is deemed Inappropriate Content. Beekeeper will notify Customer if it removes any Customer Data (or third party information) in accordance with this clause. Beekeeper disclaims all liability of any kind in respect of Customer Data, third party information and any other material which can be accessed using the Services. Beekeeper expressly disclaims all liability for any fraud committed in connection with the Services.

8.6  Beekeeper commits to provide Customer with Data Center facilities at all times in Switzerland and under the governance of Swiss Law to host Customer Data.

9. Data Protection

9.1 Beekeeper acknowledges that the Customer is acting as a data controller in respect of any Authorized User Data (or Customer Data containing personal data). To the extent that Beekeeper has access to and processes any such Authorized User Data (or Customer Data containing personal data) in the provision of the Services, Beekeeper shall use reasonable endeavors to:

9.1.1 keep all personal data of Customer and Customer’s Authorized Users secure and have in place appropriate technical and organizational measures to ensure an appropriate level of security for the processing of such personal data of Customer and Customer’s Authorized Users and to protect such personal data of Customer and Customer’s Authorized Users against unauthorized or unlawful processing or accidental loss, destruction or damage;

9.1.2 preserve the integrity of such personal data of Customer and Customer’s Authorized Users and to prevent the loss or corruption of the personal data of Customer and Customer’s Authorized Users;

9.1.3 only process such personal data of Customer and Customer’s Authorized Users in accordance with the instructions and directions of the Customer and Customer’s Authorized Users; and

9.1.4 immediately and no later than 72 hours inform Customer of any security breach, loss, data leak, or unauthorized disclosure with respect to any personal data (collectively, “Data Breach”), investigate the Data Breach, take all necessary steps to close the cause of the Data Breach and prevent recurrence (to the extent such cause is within the control of Beekeeper); and

9.1.5 provide such reasonable assistance and information to the Customer as it may reasonably require to allow the Customer to comply with its obligations under the Swiss Federal Act on Data Protection (FADP:1992) and/or any applicable Swiss Cantonal directives or regulations on Data Protection and Privacy including any revisions then after.

9.2 For the purposes of this Clause 9 the terms “data controller”, “personal data”, “process” and “processing” shall have the meaning set out in the Swiss Federal Act on Data Protection (FADP:1992) and/or any applicable Swiss Cantonal directives or regulations on Data Protection and Privacy including any revisions then after.

9.3 Beekeeper shall comply at all times with all applicable privacy laws.

10. Confidentiality

10.1 Each party may be given access to Confidential Information from the other party in order to perform its obligations under this Agreement. A party’s Confidential Information shall not be deemed to include information that:

(a) is or becomes publicly known other than through any act or omission of the receiving party;

(b) was in the other party’s lawful possession before the disclosure;

(c) is lawfully disclosed to the receiving party by a third party without restriction on disclosure;

(d) is independently developed by the receiving party, which independent development can be shown by written evidence; or

(e) is required to be disclosed by law, by any court of competent jurisdiction or by any regulatory or administrative body.

10.2 Each party shall hold the other’s Confidential Information in confidence and, unless required by law, not make the other’s Confidential Information available to any third party, or use the other’s Confidential Information for any purpose other than the implementation of this Agreement. Each party shall take all reasonable steps to ensure that the other’s Confidential Information to which it has access is not disclosed or distributed by its employees or agents in violation of the terms of this Agreement. Neither party shall be responsible for any loss, destruction, alteration or disclosure of Confidential Information caused by any third party.

10.3 Customer acknowledges that details of the Software, Services, Beekeeper Data and the results of any performance tests of the Services, constitute Beekeeper’s Confidential Information. Beekeeper acknowledges that the Customer Data is the Confidential Information of Customer.

10.4 Beekeeper has the right to name Customer as a reference for marketing purposes upon receipt of a written confirmation from the Customer. 

11. Beekeeper IP Ownership

Customer acknowledges and agrees that Beekeeper and/or its licensors own all Intellectual Property Rights in the Software, Services and Beekeeper Data. Except as expressly stated herein, this Agreement does not grant Customer any rights to, or in, patents, copyrights, database rights, trade secrets, trade names, trademarks (whether registered or unregistered), or any other rights or licenses in respect of the Software, Maintenance Releases, Services or Beekeeper Data.

12. Indemnity

12.1 Beekeeper will defend Customer against any claim, demand, suit or proceeding made or brought against Customer by a third party alleging that the use of a purchased Service in accordance with this Agreement infringes or misappropriates such third party’s intellectual property rights (a ” Claim“), and will indemnify Customer from any damages, attorney fees and costs finally awarded against Customer as a result of, or for amounts paid by Customer under a court-approved settlement of a Claim, provided Customer (a) gives Beekeeper written notice of any Claim, (b) give Beekeeper sole control of the defense and settlement of the Claim (except that Beekeeper may not settle any Claim unless it unconditionally releases Customer of all liability), and (c) give Beekeeper all reasonable assistance, at Beekeeper’s expense. If Beekeeper receives information about a Claim, Beekeeper may in its discretion and at no cost to Customer (i) modify the Service so that it no longer infringes or misappropriates, without breaching the warranty under Section 7.1 (Warranties), (ii) obtain a license for Customer’s continued use of that Service in accordance with this Agreement, or (iii) terminate Customer’s subscription for that Service and refund Customer any prepaid Fees covering the remainder of the Subscription Term. The above defense and indemnification obligations do not apply to the extent a Claim arises from:

(a) the Third Party Applications or Customer’s use thereof;

(b) a modification of the Services by anyone other than Beekeeper or its subcontractors;

(c) Customer’s use of Services otherwise than in accordance with the Agreement and/or Order Form;

(d) Customer’s use of the Services in connection with Third Party Applications or any other third party services or products where such services or products cause the Claim; or

(e) Customer’s use of the Services after notice of the alleged or actual Claim from Beekeeper or the appropriate authority.

12.2 Customer will defend Beekeeper against any claim, demand, suit or proceeding made or brought against Beekeeper by a third party alleging that Customer Data, or Customer’s use of any Service infringes or misappropriates such third party’s intellectual property rights or violates applicable law (a “Claim Against Beekeeper“), and will indemnify Beekeeper from any damages, attorney fees and costs finally awarded against Beekeeper as a result of, or for any amounts paid by Beekeeper under a court-approved settlement of, a Claim Against Beekeeper, provided Beekeeper (a) promptly gives Customer written notice of the Claim Against Beekeeper, (b) gives Customer sole control of the defence and settlement of the Claim Against Beekeeper (except that Customer may not settle any Claim Against Beekeeper unless it unconditionally releases Beekeeper of all liability), and (c) gives Customer all reasonable assistance, at Customer’s expense.

13. Limitation of liability

13.1 The exclusions in this section 13 shall apply to the fullest extent permissible at law but neither party excludes liability for death or personal injury caused by its negligence or that of its officers, employees, contractors or agents; fraud or fraudulent misrepresentation; or any other liability which cannot be excluded by law.

13.2 Except with respect to amounts owed by Customer to Beekeeper hereunder and save in the event of a claim under clause 10 or clause 12, the aggregate liability of each party for or in respect of any loss or damage suffered by the other party (whether due to breach of contract, tort (including negligence) or otherwise) under or in connection with this Agreement in any Claim Year shall be limited to the total amount of Fees paid by Customer during such Claim Year.

13.3 To the maximum extent permitted by applicable law, in no event will either party be liable to the other for special, consequential, incidental or other indirect damages, or for loss of profits, anticipated savings, business opportunity, goodwill, or loss of revenue, loss of use or loss of data (including corruption of data), or costs of procurement of substitute goods or services arising of this Agreement, howsoever caused and under any theory of liability (including contract, tort, negligence or otherwise) even if the other party has been advised of the possibility of such damages.

13.4 In addition to the other exclusions set out in this clause 13, Beekeeper has no liability where any failure to provide the Services is caused by:

13.4.1 a network, hardware or software fault in equipment which is not under the control of Beekeeper;

13.4.2 any act or omission of Customer;

13.4.3 use of the Services contrary to this Agreement; or

13.4.4 any unauthorized access to the Services including a malicious security breach.

13.5 In the event of any loss or damage to Customer Data, Customer’s sole and exclusive remedy shall be as set out in clause 8.4.

14. Term and Termination

14.1 This Agreement shall, unless otherwise stated in the Order Form or terminated as provided in clause 12.1 or this clause 14, commence on the Effective Date and shall continue for the Initial Subscription Term. Thereafter, unless stated to the contrary in an Order Form, this Agreement automatically renews for successive periods of 12 months (each a “Renewal Period“), unless either party terminates with sixty (60) days written notice prior to the end of the Initial Subscription Term or relevant Renewal Period or otherwise terminates in accordance with the provisions of this Agreement. The Initial Subscription Term together with any subsequent Renewal Periods shall constitute the ” Subscription Term“. Without a Renewal Period in place, Customer’s access and use of the Service shall automatically terminate.

14.2 Without prejudice to any other rights or remedies to which the parties may be entitled, either party may terminate this Agreement without liability to the other at any time with immediate effect upon written notice if the other party:

14.2.1 is in material breach of any of its obligations under this Agreement and, in the case of a breach which is capable of remedy, fails to remedy such breach within thirty (30) days following notice of the breach; or

14.2.2 voluntarily files a petition under bankruptcy or insolvency law; shall have a receiver or administrative receiver appointed over it or any of its assets; or if the other party shall become subject to an administration order or shall enter into any voluntary arrangement with its creditors or shall cease or threaten to cease to carry on business; or is subject to any analogous event or proceeding in any applicable jurisdiction.

14.3 On termination of this Agreement for any reason:

14.3.1 all right of use granted under this Agreement shall immediately terminate;

14.3.2 Customer shall cease the use of the Services;

14.3.3 Customer shall promptly pay all monies due under this Agreement;

14.3.4 each party shall return and make no further use of any equipment, property, Software and Services and other items (and all copies of them) belonging to the other party;

14.3.5 Beekeeper may destroy or otherwise dispose of any of Customer Data in its possession unless Beekeeper receives, no later than thirty (30) days after the effective date of the termination of this Agreement, a written request for the delivery to Customer of the then most recent back-up of the Customer Data. Beekeeper shall deliver the back-up to Customer following its receipt of such a written request. After such 30 day period, Beekeeper shall have no obligation to maintain or provide Customer Data, and shall thereafter delete and destroy all copies of Customer Data in Beekeeper’s control, unless prohibited by law.

15. General

15.1 Entire Agreement. This Agreement together with any Order Form sets out the entire agreement and understanding between the parties and supersedes any previous agreement between the parties relating to its subject matter. Unless otherwise expressly agreed in writing this Agreement applies in place of and prevails over any terms or conditions contained in or referred to in any correspondence or elsewhere or implied by trade custom or course of dealing. Any general terms of business or other terms and conditions of any order or other document issued by Customer in connection with this Agreement shall not be binding on Beekeeper. In entering into this Agreement each party acknowledges and agrees that it has not relied on any representations made by the other except as set forth in this Agreement. Any such representations are excluded. Nothing in this clause shall limit liability for any representations made fraudulently.

15.2 Waiver. A waiver of any right under this Agreement is only effective if it is in writing and it applies only to the party to whom the waiver is addressed and to the circumstances for which it is given. Unless specifically provided otherwise, rights arising under this Agreement are cumulative and do not exclude rights provided by law.

15.3 Invalid provisions. If any provision (or part of a provision) of this Agreement is found by any court or administrative body of competent jurisdiction to be invalid, unenforceable or illegal, the other provisions shall remain in force. If any invalid, unenforceable or illegal provision would be valid, enforceable or legal if some part of it were deleted, the provision shall apply with whatever modification is necessary to give effect to the commercial intention of the parties.

15.4 Governing Law and Jurisdiction. Save for any other agreement as stated in the Order Form, all disputes arising out of or in connection with this Agreement shall be governed exclusively by substantive Swiss law excluding the conflict of law rules and the Laws in treaties including but not limited to the Uniform Law on Purchases (Vienna treaty). The Commercial Court of the Canton of Zurich shall have exclusive jurisdiction to settle any dispute which may arise out of or in connection with this Agreement, including its conclusion.

15.5 Third Party Rights. A person who is not a party to this Agreement has no rights to enforce, or to enjoy the benefit of, any term of this Agreement.

15.6 Sub-contracting and Assignment. Neither Beekeeper nor Customer may assign or otherwise transfer this Agreement or any of its rights or obligations or purport to do any such acts under it to any third party without prior written consent from the other party, such consent not to be unreasonably withheld. Notwithstanding anything to the contrary, both Parties shall have the right, upon written notice to the other Party, to assign this Agreement to any of its Associated Companies, or to an entity resulting from a merger, acquisition or other business reorganization of the impacted Party. In addition, Beekeeper shall have the right to sub-contract any of its obligations hereunder to a third party, provided that Beekeeper shall continue to remain responsible for the performance of the Services hereunder. Any attempted assignment, sub-contracting or other transfer in violation of this provision shall be null and void.

15.7 No partnership or agency. Nothing in this Agreement is intended to or shall operate to create a partnership between the parties, or authorize either party to act as agent for the other, and neither party shall have the authority to act in the name or on behalf of or otherwise to bind the other in any way (including, but not limited to, the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).

15.8 Force Majeure. Beekeeper shall have no liability to Customer under this Agreement if it is prevented from or delayed in performing its obligations under this Agreement, or from carrying on its business, by acts, events, omissions or accidents beyond its reasonable control, including, without limitation, strikes, lock-outs or other industrial disputes (whether involving the workforce of Beekeeper or any other party), failure of a utility service or transport or telecommunications network, act of God, war, riot, civil commotion, malicious damage, fire, flood or storm. Beekeeper shall provide Customer with notice of such an event and its expected duration.

15.9 Notices. All notices to be given under this Agreement shall be given in English in writing to the address as shall be given by either Party to the other in writing. Any notice involving non-performance, termination, or renewal shall be hand-delivered or sent by recognized overnight courier or by certified mail, return receipt requested. Notices given by Beekeeper regarding price changes, discount category changes, product discontinuance, product changes, and logistics centre changes may in addition be sent by e-mail to the person(s) specified by Customer from time to time. All other notices not referred to elsewhere in this clause 15.9 or this Agreement, may be sent by (i) post or (ii) e-mail (legal@beekeeper.io). All notices shall be deemed to have been given and received on the earlier of actual receipt or three (3) days from the date of postmark or date and time an email is sent.

15.10 Variations. Save as otherwise expressly stated in this Agreement, this Agreement may only be modified or varied in writing executed by duly authorized representatives of both parties.

15.11 Survival. In addition to those provisions which by their nature are intended to survive any termination of this Agreement, clauses 9, 10, 11, 12, 13, 14.3 and 15, of this Agreement shall survive such termination or expiration of this Agreement.15.12 Export Control. The Service, Software and other Beekeeper materials are subject to the export control laws of various countries, including without limitation the laws of the United States, Switzerland and the UK. Customer agrees that it will not submit the Service or other Beekeeper materials to any government agency for licensing consideration or other regulatory approval without the prior written consent of Beekeeper, and will not export the Service, Software, Beekeeper Data and Beekeeper materials to countries, persons or entities prohibited by such laws. Customer shall also be responsible for complying with all applicable governmental regulations of the country where Customer is registered, and any foreign countries with respect to the use of the Service or other Beekeeper materials by Customer and its Authorized Users. Customer will not engage in any activity that would cause Beekeeper to be in violation of any such export control laws and regulations.

Data Processing Agreement – Swiss Public Sector

Master Subscription Agreement – Swiss Public Sector

Between
Beekeeper AG
Hardturmstrasse 181
8005 Zürich
Switzerland
(Beekeeper AG as “Processor”)

and

(as “Controller”, if not defined otherwise on page 1)
THIS AGREEMENT IS VALID FOR SWISS PUBLIC SERVICE INSTITUTIONS ONLY.

This Data Processing Agreement (DPA) is for the parties to establish an agreement on the roles and responsibilities within the framework of the listed Principles, between the Processor (Beekeeper AG, Hardturmstrasse 181, 8005 Zurich, Switzerland) and the Controller:

Whereas the intention of the Processor is to:

  1. Provide a DPA in compliance with Section 2 Art. 4, of the Swiss Federal Act on Data Protection (FADP:1992) and any applicable Swiss Cantonal directives or regulations on Data Protection and Privacy including any revisions then after;
  2. In compliance to Section 2 Art. 7 of the Swiss Federal Act on Data Protection (FADP:1992) and any applicable Swiss Cantonal directives or regulations on Data Protection and Privacy including any revisions then after;
  3. Process the personal and other data only further to documented instructions from the Controller, including restriction of access by other parties not a signatory to this DPA, or transfer of personal data to third countries or international organizations, unless provided otherwise by Swiss or agreed Cantonal law to which the Processor is subject;
  4. Take all appropriate technical and organizational measures including breach management and notification;
  5. Achieve transparency with the use of all sub-processors and third party companies towards the Controller,
  6. Impose on its sub-processors the data protection obligations set out in the commercial agreement (or legal act) between the Controller and the Processor;
  7. Taking into account the nature of the processing, assist the Controller by taking appropriate technical and organizational measures, insofar as possible, to ensure fulfilment of the Controller obligation to reply to requests by data subjects exercising their rights;
  8. Assist the Controller in ensuring compliance with its security and certain other obligations, taking into account the nature of the processing and the information available to the Processor;
  9. At the Controller choosing, delete or return all personal and other data to the Controller upon completion of the processing services and return any existing copies of the data, unless Swiss or agreed Cantonal law requires that the personal data be stored for a longer duration;
  10. Make available to the Controller all information necessary to demonstrate compliance with its obligations and allow and cooperate fully with audits, including inspections, conducted by the Controller or another person authorised to this end by the Controller.

Preamble
This DPA details the parties’ obligations on the protection of personal data, associated with the processing of personal data on behalf of Company as a data controller, and described in detail in the Beekeeper SaaS Subscription Agreement as signed respectively between the two Parties (hereinafter, the “Agreement”). Its regulations shall apply to any and all activities associated with the Agreement, in whose scope Processor’s employees or agents process Company’s personal data (hereinafter, “Data”) on behalf of Company as a controller (hereinafter, “Contract Processing”).

§ 1 Duration and specification of contract processing of Data

The scope and duration and the detailed stipulations on the type and purpose of Contract Processing shall be governed by the Agreement. Specifically, Contract Processing shall include, but not be limited to, the Data as declared in Annex 1 of this DPA.

§ 2 Scope of application and responsibilities

  1. The Processor shall act exclusively on documented instructions or service agreements from the Company. The Processor shall ensure that the Company Data entrusted is not used for other purposes or processed in any other way or form than as stated in the Company instructions, including transfer of Company Data to a third country or an international organisation.
  2. Processor shall process Data on behalf of Company. Such Contract Processing shall include all activities detailed in the Agreement and its statement of work. Company shall be solely responsible for compliance with the applicable statutory requirements on data protection, including, but not limited to, the lawfulness of disclosing Data to Processor and the lawfulness of having Data processed on behalf of Company. Company shall be the »controller«.
  3. The Processor shall process the Company Data in accordance with the law in force at any time. If the Processor deems an instruction to be in breach of such legislation, the Processor shall promptly inform the Company accordingly. However, this shall not apply if the law in question prohibits such notification for reasons of substantial public interest.
  4. The Processor may not process the Company Data (including Personal Data) for any purpose other than instructed, unless the Processor is obliged to do so under the Swiss FADP, or agreed Cantonal data processing law as applicable. If so, the Processor shall notify the Company of such legal obligation before commencing the processing.

§ 3 Processor’s obligations

  1. For the performance of the obligations in relation to this Data Processing Agreement, the Processor shall only appoint such employees who were informed about all relevant data privacy obligations and instructed to comply with data secrecy pursuant to the Swiss Data Protection Act prior to performing their duties. The employees shall be sufficiently trained in order to be able to comply with their data protection and commercial contractual obligations. The Processor shall ensure an adequate level of training by implementing suitable controls. The Processor shall use additional means such as background checks of respective employees, where deem as an appropriate mitigating measure to any operational risk imposed on the Company.
  2. Except where expressly permitted by the agreement, Processor shall process data subjects’ Data only within the scope of the statement of work and the instructions issued by Company within the Agreement or this DPA. Where Processor believes that an instruction would be in breach of applicable law, Procesor shall notify Company of such belief without undue delay. Processor shall be entitled to suspending performance on such instruction until Company confirms or modifies such instruction.
  3. Processor shall, within Processor’s scope of responsibility, organise Processor’s internal organisation so it satisfies the specific requirements of data protection. Processor shall implement technical and organisational measures to ensure the adequate protection of Company’s Data, which measures shall fulfil the requirements of the Swiss FADP and specifically its Section 2 Art. 7. Processor shall implement technical and organisational measures and safeguards that ensure ongoing confidentiality, integrity, availability and resilience of processing systems and services.
  4. Processor reserves the right to modify the measures and safeguards implemented, provided, however, that the level of security shall not be less protective than initially agreed upon.
  5. Processor shall support Company, insofar as is agreed upon by the parties, and where possible for Processor, in fulfilling data subjects’ requests and claims.
  6. Processor warrants that all employees involved in Contract Processing of Company’s Data and other such persons as may be involved in Contract Processing within Processor’s scope of responsibility shall be prohibited from processing Data outside the scope of the instructions. Furthermore, Processor warrants that any person entitled to process Data on behalf of Controller has undertaken a commitment to secrecy or is subject to an appropriate statutory obligation to secrecy. All such secrecy obligations shall survive the termination or expiration of such Contract Processing.
  7. Processor shall notify Company, without undue delay, if Processor becomes aware of breaches of the protection of personal data within Processor’s scope of responsibility.
  8. Processor shall implement the measures necessary for securing Data and for mitigating potential negative consequences for the data subject; the Processor shall coordinate such efforts with Company without undue delay.
  9. Processor shall notify the Company point of contact (Annex 1) for any issues related to data protection arising out of or in connection with the Agreement.
  10. Processor warrants that Processor fulfills its obligations to implement a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
  11. Processor shall correct or erase Data if so instructed by Company and where covered by the scope of the instructions permissible. Where an erasure, consistent with data protection requirements, or a corresponding restriction of processing is impossible, Processor shall, based on Company’s instructions, and unless agreed upon differently in the Agreement, destroy, in compliance with data protection requirements, all carrier media and other material.
  12. Processor shall, unless requested otherwise in writing at the time of termination by Company, upon termination of Contract act in accordance to the Term and Termination Clause of the Agreement.
  13. Company shall bear any extra cost caused by deviating requirements in returning or deleting data.
  14. The Processor shall maintain a record of all categories of processing activities carried out on behalf of the Controller. The record shall include the following:
    1. The name and contact information of the specific Processor, any sub-processor of the Commercial Contract (Beekeeper Software as a Service Subscription Agreement), the Company, the Data Protection Officer and, where relevant, the representative of the Processor.
    2. The categories of processing carried out by the Processor or any sub-processor on behalf of the Company.
    3. General description of the technical and organizational security measures undertaken by the Processor to safeguard the Company Data.
  15. The list shall be in writing, including in electronic format. At the request of the Company, the Processor shall at any time make the list available to the Company.
  16. When the processing of Company Data at the Processor takes place in home offices, in whole or in part, the Processor shall lay down guidelines for the personnel’s processing of Company Data in home offices. The guidelines shall be submitted to the Company upon request.
  17. The Processor shall participate in discussions, if any, with the Company and/or the Data Protection Agency and in good faith consider any recommendations and/or improvement notices, etc., from the Company and/or Data Protection Agency regarding the processing of Company Data.
  18. The Processor shall promptly inform the Company if the Data Protection Agency contacts the Processor regarding the support or services covered by the DPA.
  19. The Processor furthermore undertakes to promptly notify the Company of:
    1. Any request by a public authority for transfer of Company Data covered by the Commercial Contract, unless the notification of the Company is explicitly prohibited by law, e.g. pursuant to rules designed to ensure the non-disclosure of investigations performed by a law-enforcement authority.
    2. Any request for access received directly from the data subject or from another party.

§ 4 Company’s obligations

  1. Company shall notify Processor, without undue delay, and comprehensively, of any defect or irregularity with regard to provisions on data protection detected by Company in the results of Processor’s work.
  2. Company shall notify to Processor the point of contact for any issues related to data protection arising out of or in connection with the Agreement in Annex 1 of this DPA.
  3. In regards to compliance with the protective measures and safeguards outlined in Annex 2 of this DPA, Processor agrees to maintain an Information Security Management System in accordance to ISO 27001:2013 Control Objectives and its verified effectiveness, parties refer to the existing certification issued and available to Company upon request as proof of the appropriate guarantees. Company is familiar with the technical and organisational measures of an ISMS as outlined by the Processor, and it shall be Company’s responsibility that such measures ensure a level of security appropriate to the risk.

§ 5 Enquiries by data subjects

  1. Where a data subject asserts claims for rectification, erasure or access against Processor, and where Processor is able to correlate the data subject to Company, based on the information provided by the data subject, Processor shall refer such data subject to Company.
  2. Processor shall forward the data subject’s claim to Company without undue delay.
  3. Processor shall support Company, where possible, and based upon Company’s instruction insofar as agreed upon.
  4. Processor shall not be liable in cases where Company fails to respond to the data subject’s request in total, correctly, or in a timely manner.

§ 6 Documentation

  1. Processor shall document and prove to Company, Processor’s compliance with the obligations agreed upon in this exhibit by appropriate measures.
  2. Where specific types of documentation and proof can be identified, with regard to compliance with the obligations agreed upon, Processors may make available to Company the following information:
    1. Conducting an own self-audit or self-assessment
    2. Internal compliance regulations including external proof of compliance with these regulations
    3. Certifications on data protection and/or information security (e.g. ISO 27001)
    4. Annual Penetration Test report performed by an external company
    5. Any technical and/or organizational information deemed as necessary by the Company, excluding any information that may potentially, however remote, impact the security and/or confidentiality of another Customer or Supplier of Processor.

§ 7 Right to Audit and Inspection

  1. The Company has the right to monitor the technical and organizational measures taken by the Processor at any time.
  2. Where, in individual cases, audits and inspections to monitor the technical and organizational measures by Company or an auditor appointed by Company are necessary, such audits and inspections will require written confirmation from Processor, be conducted during regular business hours, and without interfering with Processor’s operations, upon prior notice, and observing an appropriate notice period.
  3. Processor may also require the execution of a confidentiality undertaking protecting the data of other customers and the confidentiality of the technical and organisational measures and safeguards implemented.
  4. Processor shall be entitled to rejecting auditors which are competitors of Processor.
  5. Processor shall be entitled to request a remuneration for Processor’s support in conducting inspections.
  6. Processor’s time and effort for such inspections shall be limited to one visit per calendar year, maximum of three days, unless agreed upon otherwise.
  7. Company is fully responsible for any external incurred costs by Processor for such an audit or inspection.
  8. Physical Access to Data Center locations of the Processor, is excluded from any such audit or inspection.
  9. Where a data protection supervisory authority or another supervisory authority with statutory competence for Company conducts an inspection, para. 1-6 above shall apply mutatis mutandis. The execution of a confidentiality undertaking shall not be required if such supervisory authority is subject to professional or statutory confidentiality obligations whose breach is sanctionable under the applicable criminal code.

§ 8 Subprocessors (further processors on behalf of Company)

  1. Processor shall use subprocessors as further processors on behalf of Company.
  2. Subprocesses are only those as declared in this DPA Annex 1 or where approved in advance by Company.
  3. A subprocessor relationship shall be subject to such consent of Processor commissioning subprocessors with the performance agreed upon in the Agreement, in whole or in part.
  4. Processor shall conclude, with such subprocessors, the contractual instruments necessary to ensure an appropriate level of data protection and information security and in line with the applicable data protection regulations.
  5. Processor will conduct the Software as a Service (SaaS) performance listed in the Agreement, using third party service providers as listed in the Beekeeper 3rd Party Use Statement Declaration Form.
  6. The term ‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
  7. Save for the Infrastructure as a Service (IaaS) providers used for Data Center services and any other subprocessors declared in Annex 1 of this DPA, any new or change of third party service provider listed in the Beekeeper 3rd Party Use Statement Declaration Form is not considered as a change to or a new subprocessor, and use thereof not subject to Company consent, agreement or notification for any reason whatsoever.
  8. Processor is responsible to ensure any use of third party service providers is done legally and in the definition of the applicable requirements and framework of the agreed upon data protection legislation.
  9. Processor shall obtain Company’s consent prior to the use of new or replacement of existing subprocessors .
  10. Company shall be entitled to contradict any change in a written notification by Processor for materially important reasons related to statutory data protection regulations or due to Company risk as a result of competitive disadvantage.
  11. Processor must notify Company six (6) months prior to commencement of use of new or replacement subprocessor. Notification must be in writing.
  12. Where Company fails to contradict such change within such period of time, Company shall be deemed to have consented to such change.
  13. Where a materially important reason for such contradiction exists, and failing an amicable resolution of this matter by the parties, both Company and Processor shall be entitled to terminate the Agreement and this DPA, to become effective for the commencement date of the use of the new or replacement subprocessor.
  14. Where Processor commissions subprocessors, Processor shall be responsible for ensuring that Processor’s obligations on data protection resulting from the Agreement and this DPA are valid and binding upon subprocessor.
  15. Any costs of the establishment of an agreement with a subprocessor or a third party, including costs in connection with the drawing up of subprocessing agreements, shall be borne by the Processor and shall be of no concern to the Company.
  16. The fact that the Company has consented to the Processor entering into an agreement with another subprocessor shall be of no consequence to the Processor’s obligation to comply with this Data Processing Agreement.

§ 9 Company Data Breach Management and Notification

  1. A “personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
  2. The Processor shall inform the Company immediately and in writing of any personal data breach on Processing of Personal OR Company Data as stated in this Data Processing Agreement.
  3. The Processor shall be obliged to provide the Company with any and all information necessary for the compliance with the Company obligations pursuant to the Swiss Data Protection Act on Processing of Personal Data or the Personal Data Protection regulation of any other applicable Canton.
  4. The Processor shall then without undue delay, but not later than 72 hours after the personal data breach, report to the Company.
  5. Processor shall notify the Company of the background of the security breach and the extent thereof as well as information about initiatives to safeguard against future security breach.

For Clarity & Transparency:

For the purpose of removing any assumptions, a reportable successful breach is one that is defined as “When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons”.

  • In case of a successful breach where the Personal OR Company Data is impacted, the Processor will inform the Company immediately and no later than 72 hours.

§10 Technical and organizational measures

  1. To ensure the protection of the Company Data and in order to comply with Personal Data laws and regulations, the Processor shall take the technical and organizational measures necessary.
  2. The Processor must implement and thus safeguard the Company Data with the necessary technical and organizational measures (inter alia with regard to storage, computing, networking access, transfer, input, order and availability control). Protective measures include using state-of-the-art software, computers and encryption methods as well as the use of adequate access controls for authentication and authorization (eg. two factor authentication and four eye control for authorization processes), password procedures, logging and documentation of processes and the implementation of a data security concept in accordance to measures outlined in the Processor’s Security White Paper.
  3. The measures taken shall be adequate for the protection of the specific Company Data, and protect against accidental or unlawful destruction, loss or alteration and against unauthorized disclosure, abuse or other processing in breach of the law in force at any time, including but not limited to the Swiss Data Protection Act on Processing of Personal Data or any agreed upon Cantonal requirements. This shall also apply if the processing of Company Data takes place, in whole or in part, in home offices.
  4. If the Processor is established in another CH Canton, the Processor shall comply with both the security requirements laid down in applicable law in the place of operations for the Company and the security requirements laid down in the Canton or Jurisdiction of the Processor. On transferring the Company Data, electronically transmitted Company Data or Company Data made available for download shall be secured against unauthorized access.

§11 Transfer of Company Data

The Processor may not transfer or authorize the transfer of Company Data to countries outside the agreed and communicated jurisdiction(s) in the Agreement and this DPA with the Company.

§12 Duty of confidentiality

  1. The Processor and the Processor’s personnel shall observe unconditional confidentiality as regards the processing of Company Data, and the Processor and the Processor’s personnel are thus only entitled to process Company Data in the performance of the Commercial Contract, including this DPA.
  2. The Processor warrants that the Processor’s personnel and any other subprocessor and the personnel of such other data processor who are authorized to process Company Data under this Data Processing Agreement will be subject to the duty of confidentiality as regards to Company Data which may come to their knowledge in connection with the performance of the Contract.

§13 Return and deletion of the Company Data upon cancellation and termination

Subject to the Term and Termination Clause of the Agreement, or upon written instruction by the Company and pursuant to the relevant provisions of statutory law and regulations, the Processor shall facilitate the correction, deletion and blocking of Company Data processed on behalf of the Company until these Company Data are ultimately deleted in accordance to the Agreement.

§14 Duration

  1. The Data Processing Agreement shall enter into force upon signature thereof and shall remain in force for as long as the Processor processes on behalf of the Company, or until the Agreement expires/terminates, whichever is later.
  2. Upon expiration or termination of the Data Processing Agreement, regardless of the legal reasons for the termination, the Processor shall provide the necessary services to the Company in accordance with para. 3 of the DPA.

§15 Obligations to inform, mandatory written form, choice of law

  1. Where the Data becomes subject to search and seizure, an attachment order, confiscation during bankruptcy or insolvency proceedings, or similar events or measures by outside parties while in Processor’s control, Processor shall notify Company of such action without undue delay. Processor shall, without undue delay, notify all pertinent parties in such action, that any data affected thereby is in Company’s sole property and area of responsibility, that data is at Company’s sole disposition, and that Company is the responsible body.
  2. No modification of this annex and/or any of its components – including, but not limited to, Processor’s representations and warranties, if any – shall be valid and binding unless made in writing, and furthermore only if such modification expressly states that such modification applies to the regulations of this DPA. The foregoing shall also apply to any waiver or modification of this mandatory written form.
  3. In case of any conflict, the data protection regulations of this DPA shall take precedence over the regulations of the Agreement. Where individual regulations of this DPA are invalid or unenforceable, the validity and enforceability of the other regulations of this DPA shall not be affected.
  4. The Applicable Law and Jurisdiction for this DPA is the same as the Agreement.

§16 Liability and damages

Liabilities and damages for this DPA is in the first instance what may be defined and as that set by a court of law and in the absence or agreement to exclude the first instance will be in accordance to the liability and damages set in the Agreement.

§17 Precedence

In the event of any discrepancy between the terms of this Data Processing Agreement and any other agreement between the Parties, whether in writing or oral, including the Commercial Contract, the requirements set forth in the Swiss Data Protection Act for Company Data processed in Switzerland as enforced at the time for all other jurisdictions shall determine the requirements for precedence.

§18 Counterparts and Electronic Signatures

The Data Processing Agreement shall be signed in two original copies, of which the Parties shall each receive one. This DPA may be executed in counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument. Photographic, electronic PDF, and facsimile copies of such signed counterparts may be used in lieu of the originals for any purpose. The authorized signatures below may be electronic signatures in conformity with local legal practice.

ANNEX 1

Description of the Transfer and Processing

  1. Catalogue [and classification of sensitivity] of Personal Data to be transferred and processed:
  2. Purpose(s) of the transfer and processing:
  3. Categories of Persons Affected:
  4. Persons who may access or receive the Personal Data:
    Note: Subcontractors OR Subprocessors are not equal or the same as third party companies, as described in the Beekeeper “3rd Party Use Statement Declaration Form.” This DPA is applicable to Subcontractors and Subprocessors only.
  5. Additional useful information (Any agreed definitions may be stated here):
    Parties agree to the following amendments to this Beekeeper Data Processing Agreement:
  1. Beekeeper confirms and commits to provide all terms and conditions under this DPA with respect to Annex 1-Sec 4 (IaaS : Data Center Infrastructure Services) as governed under Swiss Law with respect to contractual agreements in place with Google Ireland Limited.
  2. Beekeeper confirms and commits to hosting of the Customer Tenant in the offered Beekeeper Virtual Private Cloud and Data Center Services(Annex 1-Sec.4), exclusively and only in Switzerland and governed under Swiss Law.
  3. Beekeeper confirms and commits to an Operational Model, defined as any access to Customer Tenant by Beekeeper AG (a Swiss registered company) or Beekeeper AG authorized entities for Support and Service only. Any change to the Operational Model shall be notified at least 30 days in advance to the Customer and Customer written confirmation to be provided no later than 30 days upon receipt of such notification.
  4. Beekeeper commits to monitor and meet any applicable Cantonal data processing and protection and privacy requirements. In case of any non- compliancy Beekeeper will commit to work with Customer to address security and privacy requirements to Customer’s satisfaction.
  5. Contact Information for Data Protection Inquiries (Data Protection Officer):

ANNEX 2

Technical and Organizational Measures implemented by the Processor

Documentation of the technical and organizational measures to be implemented by the processor for the proper fulfilment of the service provided.

Note: The processor is allowed to update the technical and organizational measures to the state of the art, without reducing the data protection level.

Description of the measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

  1. Measures for pseudonymisation and encryption of personal data
    With the current service and product offerings, as we do not process any data outside of the product platform limited to data storage, we do not utilize pseudonymisation measures. We do encrypt data, including Personal Data where available, as defined in our Security White Page. In short encryption is utilized for storage of data on the mobile devices. Our DB hosted in our VPC in all our Data Centers are encrypted. In practice, only encrypted links are used as Transfer channels. Please refer to our Security White Paper.
  2. Measures to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services:
    We have implemented a number of measures to safeguard the confidentiality, integrity, availability and resilience of the service offering, as listed below:
    1. An Information Security Management System (ISMS) Certified in accordance to ISO 27001:2013 Control Objectives.
    2. Embedded Governance structure for Operational Risk Management. This includes a comprehensive Operational Risk Management process, including BERI (Beekeeper Risk Inventory).
    3. Use of two factor authentication for all employees.
    4. Secure workplace solution accordingly with notebooks that are encrypted and anti virus protected.
    5. Implementation of a VPC (Virtual Private Cloud) with limitation to 1 jurisdiction of choice by the Data Controller. All Data Center partners hold ISO 27001 Certification among other requirements.
    6. Protection of the VPC environment with a segregated security architecture including border firewalls controlled fully by Beekeeper employees. (Security White Paper)
    7. Limited access to production tenant for authorized Beekeeper employees based on the Beekeeper Information Security Policy for Customers.
    8. No permanent access to production environment, other than individuals defined in 6 above.
    9. Governance of authorization for access based on “Need to Do—Need to Access” Principle.
    10. Control Process for access to production tenant by defined Customer Support Manager.
    11. Control Process for access to production for engineering support based on a limited time (1 hour) issued certificate from a VPN with alerting for issuance of the certificate.
    12. Separation of access for Production, Staging and Development environment.
    13. Provisioning of Dashboard functionalities for complete onsite user management by the Data Controller.
    14. Provisioning of direct interface to SSO or AD or SFTP solutions for management of authorized users for access. (if deployed by Controller)
    15. Use of the push principle when utilizing any 3rd party service (they cannot initiate data pull).
    16. Defined 3rd Party Assessment Policy (attached)
    17. Defined and controlled Change Management Process based on Submitter / Reviewer / Approver & Implementer. High level of automated in a Microservices environment.
    18. Encrypted communication based on TLS 1.2 with daily certificate verification
    19. Adequate Logging of access to Beekeeper Production environment
    20. Defined controlling measures by Risk and Compliance
    21. Continuous training and awareness seminars for all Beekeeper employees, part time/full time/contractors:
      1. Mandatory sessions per year
      2. Engineering specific sessions under Secure Coding monthly
      3. Special Information Security session offered monthly for new joiners
    22. Use of High Resilience offered Backup and Data Recovery solution
    23. Online monitoring of service availability and subscription is available to the Controller (status.beekeeper.io)
    24. Contractually binding service availability commitment for 99.9%
  3. Measures to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
    Beekeeper as a company performs Quarterly Scenario based Business Continuity and Disaster Recovery Tests, as defined in the BCP / DR Policy for Beekeeper.
  4. A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing:
    Risk Management Governance structure with the following scope:
    1. Weekly and Quarterly Risk Meeting between Engineering and Risk & Compliance
    2. Maintaining a Risk Profile by entering all identified operational Risks in BERI, see (2)2
    3. Annual Penetration Testing by an External Company
    4. On demand Penetration Testing by Customers
    5. Continuous Security Vulnerability Scanning of the code base
    6. Testing and Quality Assurance incorporated in the Change Management process
    7. Annual 3rd Party Risk Assessment as applicable according to Beekeeper 3rd Party Assessment Policy.
    8. Defined Security Incident Management Policy
    9. Defined Security Incident Notification Policy and Process.
    10. Performance of internal assessments according to ISO 27001 Control Objectives by a Certified ISO 27001 Internal Auditor.
  5. Our Vulnerability Management Program and respectively Policy consists of the following:
    1. Daily (upon code change) code base scanning using Quays Security Scanner
    2. Daily scanning of our certificates using Qualys Security Scanner
    3. NIDS + HIDS monitoring by both ourselves and our IaaS providers
    4. External full scope annual penetration tests (APPS and network and architecture)
    5. A Risk Management process to manage the Vulnerability found, assigned, etc.

Service Level Agreement (SLA) – Swiss Public Sector

Service Level Agreement (SLA) – Swiss Public Sector

This document defines the levels of service promised by Beekeeper in relation to “Support” and “Service Availability”. It also details the “Service Credits” Beekeeper may grant the Customer in the case of non-compliance with the service levels as set out in the Service Credits section.

SUPPORT

Customers experiencing incidents or problems with Beekeeper can request Support either directly via Beekeeper’s helpdesk (https://beekeeper.zendesk.com/) or via email to support@beekeeper.io.

Authorized Users can also easily submit a request directly via the Beekeeper app, or our Help Center. In addition to the above, Administrators can submit a request via the support chat function available in the Beekeeper app, and Premium Support Customers can contact their Customer Success Manager.
First response and resolution times are calculated from the moment the ticket is opened in Beekeeper’s helpdesk.

Beekeeper’s support is effective upon the effective date specified in the Order Form, and ends upon the expiration or termination of the offering under such ordering document (the “support period”). Beekeeper is not obligated to provide support beyond the end of the support period.

Beekeeper will assign a Severity Level to each support request according to the definitions below:

SEVERITY LEVEL*DEFINITION – The incident or problem is characterized by the following:
Severity 1
The Beekeeper system is down, OR Key component(s) of the Beekeeper core product offering functionality is not working AND no workaround available, AND It affects >80% of Customer Authorized Users
Severity 2
Core functionality of the Beekeeper system is not working, BUT workaround  exists, AND It affects > 50% of the Customer Authorized Users  
Severity 3
Non-core functionality is not working. The effect of the incident or problem does not directly impact the customer’s ability to use Beekeeper, OR It affects < 50% of the Customer Authorized Users
Severity 4
Customer experiencing incident or problem which is not level 1, 2 or 3 classified, OR Non-Beekeeper device specific problem, OR Sporadic occurrences

*This excludes iOS Beekeeper App Support which is covered separately below.

According to the Severity Level, the following First Response and Resolution Time apply:

SEVERITY LEVELFIRST RESPONSE TIMERESOLUTION TIME
Severity 18 Business  Hours48 Business Hours
Severity 216 Business Hours72 Business Hours
Severity 324 Business Hours30 Business Days
Severity 440 Business Hours60 Business Days

First response time = The time between the ticket being opened in Beekeeper’s help desk and confirmation to the customer via the ticketing system that we have received the request and are investigating the incident or issue (any automated response from the ticketing system does not count towards first response time)

Resolution time = The time between the ticket being opened in Beekeeper’s help desk and the removal of the incident or problem. For Severity 1 issues, the provision of a workaround means Beekeeper will downgrade the Severity Level to Severity 2 or Severity 3 based on the extent to which the workaround improves the situation. For Severity 4 issues, Beekeeper retains the right to decide through their internal product development prioritization process which features to add or change.

Business Hours = First response: 9am – 3am (CET) during Business Days., Resolution: 9am – 6pm (CET) during Business Days.

Business Days = Monday to Friday excluding public holidays.

Exclusions

  1. Problems related to iOS apps have a different resolution times due to the internal AppStore processes managed by Apple Inc. and are outside of Beekeeper’s control.
  2. Requests for new features are not covered by this SLA.

SERVICE AVAILABILITY

Beekeeper will make commercially reasonable efforts to ensure the Services (excluding any Third Party Applications) are available 24/7 for at least 99.9% of the time, excluding,

  1. Any planned downtime out of Business Hours provided Customer is given 24 hour notice of such;
  2. Congestion whereby high traffic levels result in service disruption, caused by the Customer exceeding any agreed capacity;
  3. Customer inaccessibility: if, for any reason, the Customer cannot be reached to correct an availability issue, then time will be frozen until Beekeeper can make contact with the Customer to begin fixing the availability issue;
  4. Issues resulting from problems caused by Customer’s failure to follow agreed procedures, or caused by unauthorized changes to the Services by the Customer; (v) material breach by Customer of the terms of this Agreement; or (vi) a force majeure event as defined in the Beekeeper Subscription Agreement.

An availability of the service of 99.9% is guaranteed in the monthly average. The availability is defined in accordance with operating time, downtime, maintenance, and unavailability experienced.

“Unavailable Time” means the Beekeeper API is not available. The Monitoring Service reports of availability are always available at status.beekeeper.io.

SERVICE CREDITS

A “Service Credit” is a dollar credit, calculated as set forth below, that Beekeeper may credit back to an eligible, active and not-terminated Customer account:

AVAILABILITY SERVICE LEVEL DEFAULTSERVICE CREDIT
Less than 99.9% and higher than or equal to 99.5%2%
Less than 99.5% and higher than or equal to 99.0%5%
Less than 99.0%10%
SUPPORT SERVICE LEVEL DEFAULTSERVICE CREDIT
85% to 90% of Support Tickets meet the First Response and Resolution Time2%
80% to 84% of Support Tickets meet the First Response and Resolution Time5%
Less than 80% of Support Tickets meet the First Response and Resolution Time10%

Credit Request and Payment Procedure

To apply for a Service Credit, the customer must submit a ticket via support@beekeeper.io within 30 days of the month in which the Unavailable Time occurred or the Response and Resolution Time did not meet the Service Level Default. The ticket must include (i) “SLA Claim” as the subject of the ticket; (ii) the dates and times for which you are requesting credit; and (iii) any applicable information that documents the claimed outage. Service Credit shall be issued to the Customer’s Beekeeper balance for future use only. No refunds or cash value will be provided. Service Credits may not be transferred or applied to any other account.

Termination for Repeated Downtime

Notwithstanding, if the Availability is less than 98.00% in any two (2) consecutive calendar months or three (3) times in any consecutive six (6) month calendar period (each a “Triggering Event”) Customer shall have thirty (30) days from the last day of the month in which the Triggering Event occurred to terminate the Services for cause by providing thirty (30) days written notice of termination to Beekeeper. Upon receipt of a proper notice of termination, Beekeeper shall provide, upon Customer’s request, with up to thirty (30) days of continued Services (“Transition Services”) during which time Customer shall coordinate the transition of the Services to a new provider. All fees and credits called for under the Master Subscription Agreement, Order Forms, and SLA shall be in full force and effect during the Transition Services period.

Except for Customer’s termination rights set forth in the Master Vendor Agreement, any refunds or credits provided pursuant to this SLA will constitute Beekeeper’s sole liability and Customer’s sole and exclusive remedy for any failure to achieve an Availability of 99.9%. Availability shall be based on monitoring by Beekeeper, and Beekeeper will notify Customer of all missed service levels via status.beekeeper.io.

Force Majeure

Beekeeper will have no liability to the Customer under this Agreement if it is prevented from or delayed in performing its obligations under this Agreement, or from carrying on its business, by acts, events, omissions or accidents beyond its reasonable control, including, without limitation, strikes, lockouts or other industrial disputes (whether involving the workforce of Beekeeper or any other party), failure of a utility service or transport or telecommunications network, act of God, war, riot, civil commotion, malicious damage, fire, flood or storm. Beekeeper will provide Customer with notice of such an event and its expected duration.

Swiss Public Sector Non-Disclosure Agreement

Master Subscription Agreement – Swiss Public Sector

THIS MUTUAL NON-DISCLOSURE AGREEMENT (“NDA”) between Beekeeper AG and its affiliates and subsidiaries andis effective as of the date the agreement is signed by all parties. Each party may be individually referred to as “Party” and collectively referred to as the “Parties.”

To facilitate business discussions between the parties regarding certain proprietary information and in consideration of a Party’s disclosure of confidential information (“Discloser”) to the other Party (“Recipient”), the Parties agree as follows:

  1. For purposes of this NDA, “Confidential Information” means: any data or information that is proprietary to the Discloser and not generally known to the public, whether in tangible or intangible form, whenever and however disclosed, including, but not limited to: (i) any marketing strategies, plans, financial information or projections, operations, sales estimates, business plans and performance results relating to the past, present or future business activities of such party, its affiliates, subsidiaries and affiliated companies; (ii) plans for products or services, and customer or supplier lists; (iii) any scientific or technical information, inventions, designs, processes, procedures, formulas, improvements, technologies or methods; (iv) any concepts, reports, data, know-how, works-in-progress, designs, development tools, specifications, computer software, source code, object code, flow charts, databases,; and (v) any other information that should reasonably be recognized as confidential information of the Discloser. Confidential Information need not be novel, unique, patentable, copyrightable or constitute a trade secret in order to be designated Confidential Information. The Recipient acknowledges that the Confidential Information is proprietary to the Discloser, has been developed and obtained through great efforts by the Discloser and that the Discloser regards all of its Confidential Information as trade secrets.
  2. Confidential Information does not include information that the Recipient can demonstrate by documentation which (i) is or becomes available to the public without breach of this NDA; (ii) is explicitly approved for release by written authorization of the Discloser; (iii) is lawfully obtained from a third party or parties without a duty of confidentiality; (iv) is rightfully known to the Recipient prior to such disclosure; or (v) is independently developed by the Recipient without the use of the Discloser’s Confidential Information or breach of this NDA.
  3. If the Recipient is required to disclose Confidential Information pursuant to applicable law, statute, regulation, or court order, the Recipient will, to the extent permissible by law, give to the extent practicable, prompt written notice to the Discloser. In the event the Discloser, at its sole expense, seeks to make such disclosure subject to a protective order or other appropriate remedy to preserve confidentiality of the Confidential Information, the Recipient agrees to reasonably cooperate with the Discloser, to the extent practicable. Notwithstanding the foregoing, in the event of the Discloser’s failure to timely seek or obtain enforceable protective relief, the Recipient may disclose the Confidential Information requested without liability.
  4. The Recipient agrees to use the Confidential Information solely in connection with the current or contemplated business relationship between the parties (“Purpose”) and not for any purpose other than as authorized by this NDA. No other right or license, whether expressed or implied, in the Confidential Information is granted the Recipient hereunder. Title to the Confidential Information will remain solely with the Discloser. Nothing herein is intended to create nor does it create any legal obligation or relationship between the parties hereto, except for the matters specifically agreed to herein.
  5. For a period of three (3) years from the date of receipt of Confidential Information from the Discloser, the Recipient will:
    1. not disclose the other Party’s Confidential Information to any third party other than as expressly provided below;
    2. restrict disclosure of the other Party’s Confidential Information to only those employees, agents or consultants who must be directly involved with the Confidential Information for the Purpose and who are bound by confidentiality terms substantially similar to those in this NDA;
    3. be responsible for any breach of this NDA by any employees, agents or consultants as if the Recipient itself had made such a breach;
    4. use the same degree of care as for their own information of equal importance, but at least use reasonable care, in safeguarding against disclosure of Confidential Information;
    5. promptly notify the Discloser upon discovery of any unauthorized use or disclosure of the Confidential Information and prevent further unauthorized actions or other breach of this NDA; and
    6. use Confidential Information only in connection with the Purpose.
    7. within 10 days of receipt of the Discloser’s written request, the Recipient will return to the Discloser or certify the destruction of all documents and electronic or other media bearing Confidential Information, except that to the extent there is Confidential Information of the Discloser in the electronic back-up files of the Recipient, the Recipient may keep such Confidential Information until destroyed according to its regular document destruction policies.
  6. The term of this NDA is three (3) years from the Effective Date. Either Party may terminate this NDA for any reason by giving 30 days’ written notice to the other Party. The Recipient’s obligations regarding Confidential Information as stated in paragraph 5 above, and 7, 8 and 9 below will survive the expiration or termination of this NDA.
  7. The existence and terms of this NDA are Confidential Information.
  8. Due to the valuable and unique character of the Confidential Information, the parties agree that the unauthorized dissemination of same would destroy or diminish the value of such Confidential Information. Damages from such dissemination would be impossible to calculate. Therefore the Discloser has the right to seek injunctive relief against the Recipient and shall in addition to any other available relief be entitled to recover its reasonable costs and attorney’s fees. Further in the event of litigation relating to this NDA the prevailing party shall be entitled to recover its reasonable attorney’s fees and expenses.
  9. ALL CONFIDENTIAL INFORMATION IS PROVIDED “AS IS.” NO PARTY MAKES ANY WARRANTY, EXPRESSED OR IMPLIED, REGARDING THE SUFFICIENCY OR ACCURACY OF THE CONFIDENTIAL INFORMATION, AND ALL WARRANTIES OF MERCHANTABILITY, FITNESS FOR PURPOSE AND NON-INFRINGEMENT ARE EXPRESSLY EXCLUDED. IN NO EVENT WILL A PARTY BE LIABLE TO THE OTHER FOR ANY LOSS OF PROFITS, LOSS OF USE, INDIRECT, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE, OR SPECIAL DAMAGES, WHETHER OR NOT FORESEEABLE. No license, expressed or implied, in the Confidential Information is granted other than to use the Confidential Information for the Purpose. The Discloser warrants that for any Confidential Information they disclose, they are authorized to disclose this information pursuant to this NDA. This NDA will not create a joint venture, partnership or any other business relationship.
  10. This NDA is governed by the laws of Switzerland. All disputes arising out of or in connection with these terms shall be governed by substantive Swiss law, excluding the conflict of law rules and the laws in treaties, including but not limited to the Uniform Law on Purchases (Vienna treaty). The competent Courts of the Canton of Zurich shall have exclusive jurisdiction to settle any dispute which may arise out of or in connection with these terms.
  11. This NDA may be executed by counterparts and all counterparts taken together constitute one instrument. This NDA constitutes the entire agreement between the Parties and supersedes any other written or oral agreements concerning this subject matter. This NDA may only be modified in writing by the Parties. Neither Party may assign their rights under this NDA without the prior written consent of the other Party.
  12. Any notice under this NDA will be in writing and will be deemed to have been duly given when delivered personally or three (3) days after such notice is deposited in writing in post, registered, postage prepaid, and addressed to each Party at such Party’s address shown on the signature page of this NDA.

Beekeeper AG

Name:
Title:
Address:
Phone:
Email:

Name:
Title:
Address:
Phone:
Email:

This NDA has been executed by the authorized representatives of the Parties, as indicated by their respective signatures below:

Beekeeper AG

Name:
Title:
Date:

Name:
Title:
Date:

Subprocessors

Subprocessors

Download as PDF

A Third Party Company as defined in GDPR Art. 4 (Third Party Company) is one which is commissioned on behalf of the Processor (Beekeeper) or Controller (Customer) to process Personal Data (of technical nature) but have no access to Customer Data, in order for use of services provided by the Third Party Company. A Subprocessor is together with the Processor providing 1 Product and Services to the Customer and has as a potential of their subprocessing access rights also access to Customer Data.

Subprocessors are part of the contractual agreement of the Processor and have access to Customer (Controller) Data by default or virtue of their activities. Third Party Companies have no access to Customer Data.

Beekeeper Poland is not an authorized subprocessor to have access to the CH Data Center.

SubprocessorsPurposeLocation
Amazon Web Services (Dublin)Data Center Facilities and ServicesDublin, Ireland (EU)
Amazon Web Services (Frankfurt)Data Center Facilities and ServicesFrankfurt, Germany (EU)
Amazon Web Services (Portland/Oregon)Data Center Facilities and ServicesPortland, Oregon (North America)
Google Limited IrelandData Center Facilities and ServicesZurich, Switzerland
Beekeeper Poland Sp.z.o.oProduct and Platform Maintenance and Support ServicesKrakow, Poland (EU)

Third Party Service Providers

In accordance to our Privacy Policy, (https://beekeeper.io/privacy-policy/) we use services of Third Party Service Providers, for which Personal Data such as IP address, E-Mail address, tel. number, first and last name, may be transferred to or pass through or stored on their systems for further analysis and processing by Beekeeper. The content excludes any related Customer Data (e.g. chats, stream posts etc.) as defined in our Beekeeper Subscription Agreement. Third Party Companies are service providers over the Internet and not considered as Sub Processors with access for processing under this offering.

Where available by the Third Party Service Provider for such services, Beekeeper has contractual agreements in place. Any Personal Data that is transferred is pushed by the Beekeeper Product and Services. The Third Party Service Providers do not PULL any Personal Data from Beekeeper.

Third-Party Service ProviderPurpose
DataVirtualityAnalysis of metadata
LookerAnalysis of metadata
IterativeProcessing Metadata
PandaDocCRM
SalesForceCRM
AWS (EU / US)Data Center Service Provider
Google Ireland Limited (CH)Data Center Service Provider
VSHNDatabase Encryption in Switzerland.
WoelkliEncrypted Storage Facilities independent of Data Center facilities
SentryError Tracking
AbsorbLearning Management System
MixPanelMobile Apps
IntercomProduct Marketing Communication
Atlassian – JIRAProcessing internal ticketing systems
GoogleSending Notifications, E-mails and Analysis of metadata
AWS (EU / US)Sending Notifications, E-mails and Analysis of metadata
AppleSending Notifications
TwilioSMS-related services
Logz.io and SysdigSystem log analysis and intrusion detection facilities
ZendeskTicket Support with Beekeeper

Video Processing for Swiss Data Center

Processing of video attachments for Swiss Data Center tenants is performed using AWS Frankfurt video processing facilities. Swiss Data Center Video’s processed in Frankfurt are stored locally in Frankfurt and encrypted at rest. Beekeeper’s Video feature may be enabled or disabled for each tenant independently.

Third-Party Service Providers Applicable to Prospects, Visitors of Our Website and Demo and Self-Service Tenants

In addition to the above when Demo and SelfService tenants are utilized, the following Third Party Service Providers may also be used accordingly for the purpose described: Hubspot, Outgrow, Outreach, Bing, LinkedIn, Twitter, Facebook, Clearbit, Hotjar, Albacross, Greenhouse (all aforementioned for Marketing & Sales purposes), DataVirtuality & Looker (metadata analysis).

Third-Party Service ProviderPurpose
AlbacrossMarketing & Sales
BingMarketing & Sales
ClearbitMarketing & Sales
FacebookMarketing & Sales
GreenhouseMarketing & Sales
HotjarMarketing & Sales
HubspotMarketing & Sales
LinkedInMarketing & Sales
OutgrowMarketing & Sales
OutreachMarketing & Sales
TwitterMarketing & Sales
DataVirtualityMetadata analysis
LookerMetadata analysis

Terms of Service

Terms of Service

Beekeeper Website and App End User Terms of Service

These Beekeeper software as a service terms (the “Terms”) are effective as of the date you (i) click a button indicating your acceptance of these Terms, or (ii) access or use the Services, whichever is the earlier. These Terms govern your access to and use of Beekeeper A.G.’s (“Beekeeper”, the “Company”, “we”, “us” or “our”) internal communications software services purchased by your Organization. The Beekeeper Privacy Policy is hereby incorporated by reference. If you do not accept these Terms then you may not use the Service. Any capitalized terms not otherwise defined in these Terms shall have the meanings given in clause 9 of these Terms.

1. Services

1.1  Beekeeper provides the Services to you solely for the purposes of allowing you to communicate with your colleagues within Your Organization as part of its provision of Services to Your Organization.

1.2  In consideration of you granting us a license to use Your Data as set out in clause 4.2, we shall provide you with access to the Services in accordance with these Terms.

1.3  Additional terms and conditions of use of the Services may appear on the registration page or other pages for such Services and such terms and conditions are incorporated into these Terms by reference and are legally binding.

2. Your Obligations

2.1  You represent and warrant that you:

2.1.1 shall only access and use the Services solely for internal business purposes and in accordance with your Engagement Terms, solely during the working hours and in such manner as defined in or consistent with such Engagement Terms;

2.1.2 shall provide all necessary co-operation and information as may be reasonably required by us and/or Your Organization in order to provide the Services;

2.1.3 shall ensure that you use the Services in accordance with these Terms and any terms of use (“Fairplay Rules”) issued by Your Organization from time to time and notified to you, and comply with all applicable laws and regulations with respect to your use of the Services;

2.1.4 shall use all reasonable efforts to prevent any unauthorized access to, or use of, the Services and, in the event of any such unauthorized access or use, promptly notify us. You acknowledge that User subscriptions are for designated Users and cannot be shared or used by more than one User but may be reassigned to new Users replacing former Users who no longer require ongoing use of the Services, at Your Organization’s discretion;

2.1.5 shall not include any Inappropriate Content or Viruses or any other information or material, any part of which, or the accessing of which or use of which would be a criminal offense or otherwise unlawful, including the breach of any Intellectual Property Rights of any other party. Your Organization reserves the right but is not obligated to remove such content where, in Your Organization’s sole discretion, Your Organization suspect such content to be Inappropriate Content and/or in breach of the Fairplay Rules;

2.1.6 shall not include any personal data which you do not want to be made publicly available to Your Organization and all other Users and to the extent you do provide such information, neither we nor Your Organization shall be liable for any use and publishing of such data;

2.1.7 shall be solely responsible for the accuracy, completeness, design, appropriateness, creation, maintenance, and updating thereof of all Your Data in the use of the Services.  Neither we nor Your Organization shall be liable for any errors or inaccuracies in any of Your Data or beyond the responsibility to accurately reproduce Your Data on your instruction; and

2.1.8 shall be responsible for obtaining all necessary licenses and consents required to use Your Data (if any, and including but not limited to those from the owners or licensees of any third party information) and as part of the Services and you warrant and represent that such licenses and consents have been obtained;

2.2  When using the Services you shall at all times:

2.2.1 keep a secure password for use of the Services, change it frequently and keep the password confidential;

2.2.2 conduct your business with the highest of ethical standards and fairness;

2.2.3 treat and communicate with all other Users in a respectful and professional manner at all times; and

2.2.4 use all reasonable endeavors to prevent any unauthorized access to, or use of, the Services and, in the event of any such unauthorized access or use, promptly notify us.

2.3  You shall ensure you shall not:

2.3.1 access, store, distribute or transmit any Viruses during the course of your use of the Services; or

2.3.2 access all or any part of the Services in order to create or build a product or service which competes in whole or part with the Services; or

2.3.3 use the Services to provide services to third parties other than Your Organization and other Users within Your Organization; or

2.3.4 reverse engineer, decompile, disassemble, modify, license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit the Services, or otherwise make the Services available to any third party; or

2.3.5 interfere with or disrupt the integrity or performance of the Services or third-party data contained therein; or

2.3.6 attempt to gain unauthorized access to the Services or their related systems or networks; or

2.3.7 at any time in connection with your use of the Services disclose any information concerning other Users that is not already contained in the public domain, except to the extent permitted by such other Users and to the extent that it is not Inappropriate Content.

2.4  In the event of breach of this clause 2, or if your Engagement Terms are terminated for any reason, both we and/or Your Organization reserve the right, without liability or prejudice to our other rights, to disable your access to the Services.

2.5  Neither we nor Your Organization shall be liable in any way whatsoever for any claims or losses, damages or costs arising out of: (i) your breach of these Terms; or (ii) your acts or omissions, including without limitation any negligent or fraudulent acts or omissions by you in connection with your use of the Services; or (iii) breach or violation by you of any applicable laws or rights of any third party.

3. No Warranty as to Service

The Services are provided “as is” and “as available” without any warranty or support whatsoever except for any support we may offer at our discretion from time to time. We do not make any representations and disclaim all warranties, express, implied or statutory, including warranties, terms and conditions of merchantability, accuracy, correspondence with description, fitness for a particular purpose or use, satisfactory quality and non-infringement.

4. Your Data

4.1  You shall own and retain full ownership of Your Data and shall have sole responsibility for the legality, appropriateness, completeness, reliability, integrity, accuracy and quality of Your Data.

4.2  Solely to provide you with the Services, you grant us and your Organization a non-exclusive, worldwide, perpetual license to host, copy, transmit and display Your Data and where applicable to incorporate Your Data with the Organization Data and Beekeeper Data only as necessary for us to provide the Services to Your Organization in accordance with these Terms.

4.3  You acknowledge that neither we nor Your Organization are obliged to edit and/or modify Your Data and are not responsible for the accuracy, completeness, appropriateness, safety or legality of Your Data or any other information or content you may be able to access using the Services, including without limitation the data of other Users of the Services.  You further acknowledge that any communication with other Users while using the Services is your sole and exclusive responsibility and neither we nor your Organization will be held responsible or liable in any way for any copyright infringement or violation, or the violation of any other person’s rights or the violation of any laws arising or relating to Your Data.

4.4  We will maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Your Data as described in our Privacy Policy. We do not guarantee that Your Data will be free from loss, theft, misuse, or unauthorized access, disclosure, alteration or destruction. You are solely responsible for protecting your passwords, limiting access to your computers and devices, and signing out of the Services when you are not using them.

4.5  Your Organization reserves the right to remove any of Your Data which Your Organization reasonably believes breaches any laws or regulations, any third party’s rights, any Fairplay Rules, or these Terms and/or is deemed Inappropriate Content. Your Organization will notify you if it removes any of Your Data in accordance with this clause.

4.6  If Your Organization installs or enables Third-Party Applications for use with Services, You acknowledge that those Third-Party Applications shall be able to access Your Data as required for the interoperation of such Third-Party Applications with the Services and any such access and use of Your Data shall be subject to the privacy policies of such Third-Party Application provider which shall be notified to you.

5. Privacy Policy

By using the Services, you acknowledge, accept and agree with all provisions of the Privacy Policy as made available by us to you. You also acknowledge and accept any privacy policy notified to you by any Third Party Applications for use with the Services.

6. Beekeeper IP Ownership

You acknowledge and agree that we and/or our licensors own all Intellectual Property Rights in the Services and all related software and applications, the Beekeeper Data. Except as expressly stated herein, these Terms do not grant you any rights to, or in, patents, copyrights, database rights, trade secrets, trade names, trademarks (whether registered or unregistered), or any other rights or licenses in respect of our software, Services.

7. Term and Termination

7.1  These Terms are binding on you until your User subscription granted in accordance with an agreement between Your Organization and us has expired or been terminated, unless earlier terminated if you are in breach of these Terms or if your Engagement Terms are terminated.

7.2  On termination of these Terms for any reason:

7.2.1 all rights of use granted under these Terms shall immediately terminate and you shall cease the use of the Services;

7.2.2 except where we are required by law to retain a copy of Your Data in accordance with applicable law or regulations, we may destroy or otherwise dispose of any of Your Data in our possession; and

7.2.3 the accrued rights of the parties as at termination, or the continuation after termination of any provision expressly stated to survive or implicitly surviving termination, shall not be affected or prejudiced.

8. General

8.1  You are contracting with Beekeeper AG, Hardturmstrasse 181, 8005 Zürich, Switzerland.

8.2  All disputes arising out of or in connection with these Terms shall be governed by substantive Swiss law excluding the conflict of law rules and the Laws in treaties including but not limited to the Uniform Law on Purchases (Vienna treaty). The Commercial Court of the Canton of Zurich shall have exclusive jurisdiction to settle any dispute which may arise out of or in connection with these Terms.

8.3  The parties are independent contractors and these terms not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties.

8.4  There are no third-party beneficiaries to these Terms.

8.5  No failure or delay by either party in exercising any right under these Terms shall constitute a waiver of that right.

8.6  If any provision of these Terms is held by a court of competent jurisdiction to be contrary to law, the provision shall be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of these Terms shall remain in effect.

8.7  You may not assign any of your rights or obligations hereunder, whether by operation of law or otherwise, without our prior written consent. We may transfer our rights and obligations under these Terms to another organization, but this will not affect your rights or our obligations under these Terms. Subject to the foregoing, these Terms shall bind and inure to the benefit of the parties, their respective successors and permitted assigns.

9. Definitions

Beekeeper Data: any meta data extracted by us from your use of the Services to be used to provide the Services and any feedback or suggestions from you to us relating to the Services;

Engagement Terms: means the contractual terms signed between you and Your Organization governing your professional working relationship with Your Organization.

Inappropriate Content: content which (a) is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive; (b) facilitates illegal activity; (c) depicts sexually explicit images; (d) promotes unlawful violence; (e) is discriminatory based on race, gender, color, religious belief, sexual orientation or disability; or (f) causes damage or injury to any person or property;

Intellectual Property Rights: including without limitation, rights in patents, trademarks, service marks, trade names, other trade-identifying symbols and inventions, copyrights, design rights, database rights, rights in know-how, trade secrets and any other intellectual property rights arising anywhere in the world, whether registered or unregistered, and including applications for the grant of any such rights;

Organization Data: all data relating to and owned by Your Organization as governed by the terms of your engagement with Your Organization and including all information or data exchanged by Your Organization with its Users or between Users through the Services.

Services: our internal communications software as a service offering made available to you to use in accordance with these Terms without charge, including: (i) access to the Beekeeper Data; and (ii) access to the Beekeeper hosting platform, as may be amended from time to time by agreement between us and Your Organization.

Third-Party Applications; means online applications and offline software products that are provided by third parties and interoperate with the Services;

Users: means any individual who is authorized by Your Organization to use the Services, for whom a subscription to the Service has been purchased and an account created, and includes employees, consultants, contractors and agents;

Virus: any thing or device (including any software, code, file or program) which may prevent, impair or otherwise adversely affect the access to or operation, reliability or user experience of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device, including worms, trojan horses, viruses and other similar things or devices;

Your Data: the data and information you provide to us and/or inputted by you into the Service for the purpose of creating a User account, but excluding the Organization Data and Beekeeper Data.

Your Organization: means the organization which employs you, or engages you as a consultant, contractor or agent and has subscribed to our Services.

Last update: 31.05.2016

Privacy Policy

Privacy Policy

• Applicability

This Privacy Policy applies to Beekeeper Company websites (and any subsidiaries), but does not apply to any third party websites that may be linked to our websites, which will be governed by their own privacy policies.

California Consumer Privacy Act (CCPA) : We are not in the business of selling Personal Data or Information. We do not sell any collected Personal Data or Information. Personal Data or Information that is collected by us as a result of your visiting our website or using our product and services in any form, is only processed for that purpose or any other purpose that you consent to us. As a consumer, you have extensive rights under the CCPA. We have described these below for you. Contact us under the contact details provided below if you have any questions or concerns.


• Controller

Beekeeper Ltd. (Hardturmstrasse 181, 8005 Zürich, Switzerland, E-Mail: contact@beekeeper.io) is controller in the sense of article 4 (7) of the European Data Protection Regulation (“GDPR”). 

Our Group Data Protection and Privacy Officer is Dr. Amir Ameri and he can be contacted at dpo@beekeeper.io. 

Our representative in the EU is [Mindspace c/o Beekeeper GmbH – Skalitzer Str. 104 – 10997 Berlin – Germany].


• General Information

The terms “We”, “Us”,” Our” mean Beekeeper AG. The terms “You” and “Your” refer to You, as a user or visitor of our website provided Services. The term “personal data” refers to all information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person, as set out in Art. 4 (1) GDPR. In addition, personal data subject to the Swiss Data Protection Act comprises data of legal persons.
 

• Collection of Data

Information. You may give Us information about You by submitting information on Our site beekeeper.io (“Our Site”) or by corresponding with Us by phone, email or otherwise. This includes information You provide when You register to use Our Site, subscribe to Our Site services, participate in discussion boards or other social media functions on Our Site, and when You report a problem with Our Site. The information You give Us may include your name, address, email address, phone number, personal description or photograph. Any processing of your personal data is based on a legal basis which is indicated below.


• Purpose of processing and legal basis

Any processing of data requires a legal basis. If the processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of pre-contractual measures taken at the request of the data subject, the processing may be based on Art. 6 para. 1 lit. b) DSGVO.

If the processing is necessary to safeguard the legitimate interests of the data controller or a third party, provided that the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, do not prevail, it can be based on Art. 6 para. 1 lit. f) DSGVO.

We process your data for the following purposes:

  • to fulfil our obligation to make the services available to you in accordance with the service conditions concluded between you and us; the legal basis for data processing is Art. 6 Para. 1 lit. b) DSGVO.
  • to inform you about changes to our services; the legal basis for data processing is Art. 6 para. 1 lit. b) DSGVO.
  • to ensure that the content of our website is presented on your computer as efficiently as possible; the legal basis for data processing is Art. 6 para. 1 lit. b) or f) DSGVO.
  • in order to enable you to participate in test and trial offers of our services; the legal basis for data processing is Art. 6 para. 1 lit. b DSGVO. 
  • to inform you about parts of the services which we believe to be of interest to you if you have given your consent; the legal basis for data processing is Art. 6 para. 1 lit. a) DSGVO;
  • as part of our efforts to offer you the greatest possible security when using our site. The legal basis for data processing is Art. 6 para. 1 lit. f) DSGVO.

We also process data that cannot be assigned to any person. These are data that do not personally identify you, including anonymous information and aggregated data. This information helps us better understand how our visitors use the Services, analyze demographics, interests and behaviors of our visitors, improve the Services, provide customized services and information to visitors, and similar purposes.


• Feedback

If You contact Us to provide feedback, register a complaint, or ask a question, We will record any Personal Information and other content that You provide in Your communication so that We can effectively respond to Your communication. We reserve the right to use this information in any manner permitted by law, to respond to Your communication. The processing of your personal data for feedback processing is based on Art. 6 para. 1 lit. f) DSGVO.


• Activity

When You use the Services, We receive and store certain information which may include Your Personal Information, regarding Your use of the Services. Examples include IP addresses, browser types, domain names, and other statistical data regarding Your use of the Services. We may use this data in a way that does not disclose any of Your personally identifiable information, including, but not limited to, for purposes of developing new product and service offerings.


• Cookies 

We may send cookies to Your computer in order to uniquely identify Your browser and improve the quality of Our service. The term “cookies” refers to small pieces of information that a website sends to Your computer’s hard drive while You are viewing the site. We may use both session cookies (which expire once You close Your browser) and persistent cookies (which stay on Your computer until You delete them). Persistent cookies can be removed by following Your browser help directions. If You choose to disable cookies, some areas of Our Site and Services may not work properly or at all. The use of cookies is based on Art. 6 Para. 1 lit. f) DSGVO.
 

• Disclosure of Information

We may disclose Your Personal Information:


• Legal obligation
In response to a request for information if we believe such disclosure is in accordance with any applicable law, regulation or legal process, or as otherwise required by any applicable law, rule or regulation. The legal basis for processing to fulfil a legal obligation is Art. 6 (1) (c) DSGVO.  


• Violation of Terms of Services
If we believe your actions are in violation of Our Terms of Service and Privacy Policy, or to protect the rights, property and safety of Us or others. In this case, the transfer is based on Art. 6 para. 1 lit. f) DSGVO.


• Disclosure within the Beekeeper Group
If necessary, we transmit personal data to other parts of the company, e.g. for billing purposes. In this case, the transfer is based on Art. 6 para. 1 lit. f) DSGVO.
 

• Links

Our Website and Services may contain links to third party websites to which We have no affiliation. Except as set forth herein, We DO NOT SHARE Your Personal Information with those third parties, and are not responsible for and accept no liability for their privacy practices. We suggest You read the privacy policies on all such third party websites.


• Security

We take commercially reasonable steps to protect Your Personal Information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. We use up to date TLS-encryption that your systems support when transmitting data via Our systems. However, We cannot guarantee that all Internet or email transmission is fully secure or error free and except for Our guarantee to use commercially reasonable and up to date measures to technically secure any data transmission, We cannot guarantee their absolute security and We therefore cannot be held liable for intercepted information sent via the Internet or for third parties using revoked, stolen, forged, or otherwise insecure certificates. You should therefore take special care in deciding what information You send to Us via email and keep this in mind when disclosing any Personal Information to Us or to any other party via the Internet.


• Retention Period

We store your personal data for as long as is necessary for the purpose for which it was collected or for fulfilling our legal obligations, such as statutory retention periods. The data will be deleted at the latest within one month after the respective purpose no longer applies.


• Your Rights

You as the data subject are entitled to extensive rights which you can assert against us. Upon request, we will inform you in writing, in accordance with the applicable statutory provisions, whether and, if so, which personal data we have stored about you. You can inspect your personal data at any time and free of charge and demand its correction and/or deletion and/or blocking. For this purpose and/or to obtain further information, please contact us at dpo@beekeeper.io.

You have the right to receive the personal data we hold about you in a structured, common, machine-readable format. Upon request, we will transfer your personal data to another controller. If you wish to exercise any of the rights mentioned in this section or if you have any questions about the processing of your personal data, please contact us at the above e-mail address. You can also contact our data protection officer at dpo@beekeeper.io, who will be happy to provide you with any further information you may require or deal with your suggestions or complaints.

You also have the right to file a complaint with the relevant data protection authority.


• Existence of an Automated Decision Making Process

As a responsible company, we refrain from automatic decision-making or profiling.


• Conditions and Changes to this Privacy Policy

We are free to change this privacy policy at any time. The new version will always be posted on this website. These changes will be effective immediately for new users of our services and will become effective for existing users through continued use of the services after the effective date of the posted change. If you do not wish to approve the changes to our use of your personal information, you must notify us before such changes take effect that you wish to deactivate your account with us. Please note that you are always responsible for keeping your personal information up to date and providing us with your current contact information.
 

PDF: 3rd Party Use Statement Declaration Form


Questions?
Please also feel free to contact our Data Protection Officer  if You have any questions about this Privacy Policy or Our Data Processing Agreement or Our practices with respect to Your Personal Information. You may also write to us at the following address:

Beekeeper AG
Hardturmstrasse 181
8005 Zürich
Switzerland

Dr. Amir Ameri

Beekeeper Data Protection & Privacy Officer

dpo@beekeeper.io



Last update 22/05/2020